Netgate Discussion Forum

    Cannot ping my VLAN CARP IP Address

    HA/CARP/VIPs
      SenseOfPF

      Hi All,

      I have set up a new pfSense failover cluster using version 2.1.5. Both pfSense boxes have a LAN connection, two WAN interfaces and a SYNC interface dedicated to synchronization between them.

      I have set up CARP IP addresses for LAN (10.30.0.254), WAN1 and WAN2 and it seems to work correctly. New rules, users … are synchronized with the backup pfSense. If I switch off the master, the backup one becomes master and all is working properly.

      But I have a problem: if I try to ping the LAN CARP address or access the webGUI (https://10.30.0.254) from a computer connected to LAN with the LAN CARP address as gateway, it fails, whereas the computer can access the internet with no problem.

      Another strange behavior is that this pfSense cluster is connected through a VPN IPSec tunnel to other sites, and I can ping or access the webGUI at 10.30.0.254 from remote sites without any problem!!!

      Any idea of what is causing this behavior?

      Best Regards.

        SenseOfPF

        I have been searching for a while but I did not manage to find the trick. The pfSense failover cluster is the only router of the site, there are only switches between the cluster and computers.

        My Virtual IP configuration is the following:

        If I try, from a computer with the CARP LAN address as gateway, to ping my CARP LAN address, it fails; if I try to do a tracert, it also fails after 30 hops:

        Really, I suppose that the problem is on the site LAN side because this computer can correctly access the internet or remote resources behind the VPN IPSec tunnel!!!

        Do you think it can be a problem with the switches between the computers and the pfSense cluster? Do I have to enable promiscuous mode on those switches?

        Thanks in advance

        Attachments: WroVIP.JPG, WroTrcrtPing.JPG

          BBMitch

          I would check that your firewall rules allow the ping, of course, but then try failing over (disable CARP on the primary to force a transfer). Pings might start working then; if so, you might be seeing the same problem secgeek and I are noticing.
